Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit prior to 1.5.2 allow remote malicious users to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache jackrabbit 1.4 |
||
apache jackrabbit 1.5.0 |